Published: 2022-03-09 17:15:00
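After a brief disappearance, the .Globeimposter-Alpha865qqz ransomware has reappeared on the Chinese internet, striking both physical machines and cloud hosts in a string of attacks. Most of the infected servers so far are Kingdee/Yonyou financial servers, along with some OA and file servers.
The ransom note, "HOW TO BACK YOUR FILES !!!.TXT", reads similar to the following: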
YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.
DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU!CONTACT US:
China.Helper@aol.com
ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
Your personal ID: ***-***-***
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our)
or you can become a victim of a scam.
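Recently, quite a few customers have also been hit by multiple rounds of encryption, which makes this threat particularly cunning.
We have analyzed samples of this type of ransomware many times and have extensive successful experience with its encryption mechanism, decryption methods and prevention measures, having helped a large number of customers fully restore their data.
This ransomware family includes, but is not limited to: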
.Globeimposter-Alpha865qqz
.Globeimposter-Beta865qqz
.Globeimposter-Delta865qqz
.Globeimposter-Epsilon865qqz
.Globeimposter-Gamma865qqz
.Globeimposter-Zeta865qqz
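After an infection, users should disconnect from the network immediately and check to identify and set aside devices that are not infected. Do not operate on infected devices blindly: shutting down the machine or closing running programs are both high-risk operations that may cause permanent data loss. Contact professional security personnel right away, describe the hardware and software state in detail, and eliminate the risk and recover the data in a safe, professional manner.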
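To help separate affected devices from unaffected ones without touching the infected disks, the following added example (not part of the original page) triages an exported file listing against the extensions and ransom-note name listed above. It assumes that multiple encryption shows up as stacked family suffixes, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Extensions and note name as listed on this page (the page says the list is not exhaustive).
FAMILY_EXT = re.compile(
    r"\.Globeimposter-(?:Alpha|Beta|Delta|Epsilon|Gamma|Zeta)865qqz$", re.IGNORECASE)
NOTE_NAME = "HOW TO BACK YOUR FILES !!!.TXT"

def classify(path):
    """Return ("note", 0), ("encrypted", layers) or ("clean", 0) for one path."""
    name = PureWindowsPath(path).name
    if name.upper() == NOTE_NAME:
        return ("note", 0)
    layers = 0
    # Assumption: each encryption pass appends one more family suffix.
    while (m := FAMILY_EXT.search(name)):
        name = name[:m.start()]
        layers += 1
    return ("encrypted", layers) if layers else ("clean", 0)

def triage(listing):
    """Summarise a listing: encrypted files per directory, notes, multi-layer files."""
    summary = {"encrypted": Counter(), "notes": [], "multi_layer": []}
    for line in listing:
        path = line.strip()
        if not path:
            continue
        kind, layers = classify(path)
        if kind == "note":
            summary["notes"].append(path)
        elif kind == "encrypted":
            summary["encrypted"][str(PureWindowsPath(path).parent)] += 1
            if layers > 1:
                summary["multi_layer"].append((path, layers))
    return summary

# Constructed sample listing (not real victim data).
SAMPLE = [
    r"D:\Finance\ledger2021.bak.Globeimposter-Alpha865qqz",
    r"D:\Finance\ledger2022.mdf.Globeimposter-Alpha865qqz.Globeimposter-Beta865qqz",
    r"D:\Finance\HOW TO BACK YOUR FILES !!!.TXT",
    r"E:\Share\report.docx",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for directory, count in result["encrypted"].items():
        print(f"{directory}: {count} encrypted file(s)")
    print("notes:", result["notes"], "multi-layer:", result["multi_layer"])
```

Feed it a listing captured from a backup catalogue or a read-only mount, so the infected host itself is left untouched.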
24-hour emergency response hotline: 15021662155 / 15611033457